On the official forums there is a lot of discussion about addons reading your RealID and broadcasting it to other players. Most of it is just uninformed copy-pasting some code snippets they don't really understand. Blue said (if I understood correctly) that reading and broadcasting RealID through an addon is possible and that people who care about their anonymity just shouldn't use addons.
I don't want to start a discussion here about RealID in general or whether anybody has to hide anything or whether anybody cares or should care.
Just accept as a given that 1. SOME people don't want to get connected to WoW with their real name for several legit reasons and that 2. it most probably won't be possible to get this data out of the world again if it ever gets collected by anybody.
So for those people that care about their anonymity it is important to make sure that they don't install an addon that - maliciously or by mistake - broadcasts their RealID to others. I'm starting a discussion here because I know that posters here will be generally better informed about Lua and I hope to get an explanation from our resident addon gurus what Lua code at the moment can do and whether there is a way to identify this code.
There is an AddOn called BlizzBugsSuck which prevents the broadcast of your name and also tells you which AddOn tried to do so...of course, it also provides fixes for other bugs in the default UI.
There is exactly one WoW API function that can send messages to other players: SendAddonMessage.
It's nice for me to say this again: (and again and again)
DO NOT TRUST ADDONS THAT USE SendAddonMessage!
Any addon with SendAddonMessage _can_ send any global (and even everything locally available within its own code) variable data from any addon to any player without user interaction, and hey get this: all SavedVariables data is global; accessible and available for all other addons!
Big potential for misuse.
If you want to use an addon:
1) search the complete source code (incl. libs) for 'SendAddonMessage'
2) if you find 'SendAddonMessage' read the code and try to understand what this addon is sending
3) if you do not know (by source code) what this addon is sending: DO NOT USE IT!
Simple and radical solution.
Alternatively it's possible to simply comment-out the SendAddonMessage code line(s), but this depends on the code: some addons may not work correctly anymore.
Sure, I use some addons that originally come with SendAddonMessage shit in it, but I simply delete the ****** I do not want (LibHealComm/ChatThrottleLib, ...) or I know that they are ok (Capping) or I simply comment-out the pure presence of SendAddonMessage (Ace2/3, ...).
kunda: data can be sent with that function or SendChatMessage. Yeah, go figure, some people code their addons to use whispers instead of the addon channel to exchange data. And if you have any RealID friends, guess what, they could be sending your name to other people. So if you reallllly don't want your name sent out, install BlizzBugsSuck and make sure you have parental controls active and turn off RealID and don't use any addons.
If a mod was doing something truly dodgy they would probably obfuscate the reference i.e.
local f = _G[string.char(83, 101, 110, 100, 65, 100, 100, 111, 110, 77, 101, 115, 115, 97, 103, 101)]
I would like to note that, unless you're actually using RealID friends, an addon can't get anything of use that I've been able to find yet. I *have* a valid reason for needing the player's name in an addon, and I can't find any way to get it unless you're in a BNet group chat room. The people posting shit to forums are just stirring up drama with a bunch of paranoia FUD.
The point is: It is possible for an addon to get the RealID name (it was when I last tested it one day after Patch 3.3.5 was released in Europe) and anything I wrote in post#3 and broadcast it to anybody via SendAddonMessage!!!
THIS IS TRUE BY DEFAULT!!!
BY DEFAULT NO PARENTAL CONTROL IS ACTIVATED IF YOU GET A BATTLE.NET ACCOUNT!!!
Sure, anybody should know by now that after activating parental control and disabling RealID there, no Lua code can get a RealID name.
But, be honest: who has activated parental control before Patch 3.3.5? Only parents who care. And as a mature player I am now my own kid (even with bogus account data). Brave New World.
And if Blizzard removes all the BN...() API functions (or similar) or makes it impossible for addons to use them: good.
Hey, I don't care about RealID, my account information is bogus anyway. But I hate SendAddonMessage. SendAddonMessage is shit. Nobody needs such a function. Blizzard restricted the Talent/Achievement scan with Patch 3.3.5 to 6 scans in a row with a 10-second break, but that shit function SendAddonMessage still has no restriction...wtf
you are concerned with someone finding out your real name via an addon? i read it a couple times to make sure there wasn't some deeper level information that you were worried about but nope... it's your name. that kind of anonymity online is for very bad people, what have you done?
@Kunda: could you just stop annoying us with your paranoiac delirium please? If you don't trust any addon authors, don't use any addon you haven't written yourself. And stop spreading false information too please.
@kaimon: getting your RealID involves using the function BNSendWhisper. You have several solutions to counter this:
1) if you do not use and do not plan to use the RealID feature, use the parental control settings in your account management page to disable it totally,
Else:
2) as already said, you can install an addon like !BlizzBugsSuck that prevents the BNSendWhisper exploit,
3) as a double check, you can search for the string BNSendWhisper in your AddOns directory (and its subdirectories). If it appears in any addon besides !BlizzBugsSuck, disable that addon and ask someone competent (there are lots of these people there) to take a look at the addon code.
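The source search recommended in the posts above (for SendAddonMessage, SendChatMessage and BNSendWhisper), extended to decode the string.char form of the name shown earlier in the thread, as an added example that is not part of any post. It is Python with constructed sample input, and the scanner's function names are made up for this illustration.

```python
import os
import re

# Functions named in the thread as ways an addon can send data to other players.
WATCHED = ("SendAddonMessage", "SendChatMessage", "BNSendWhisper")
DIRECT = re.compile(r"\b(" + "|".join(WATCHED) + r")\b")
# string.char(83, 101, ...) with decimal literals only, as in the thread's example.
CHAR_CALL = re.compile(r"string\.char\s*\(\s*([\d\s,]+?)\s*\)")
# Lookup in the global table by a computed key; needs a human to read it.
DYNAMIC = re.compile(r"\b_G\s*\[")

def decode_char_call(args):
    """Turn the argument list of string.char into the string it builds."""
    codes = [int(n) for n in args.split(",") if n.strip()]
    return "".join(chr(c) for c in codes if c < 256)

def scan_source(text):
    """Return (line_no, kind, detail) findings for one source string."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.split("--", 1)[0]  # crude: ignore Lua line comments
        hits = [(no, "direct", m.group(1)) for m in DIRECT.finditer(code)]
        for m in CHAR_CALL.finditer(code):
            decoded = decode_char_call(m.group(1))
            if any(name in decoded for name in WATCHED):
                hits.append((no, "obfuscated", decoded))
        if not hits and DYNAMIC.search(code):
            hits.append((no, "dynamic-lookup", code.strip()))
        findings.extend(hits)
    return findings

def scan_tree(root):
    """Scan .lua and .xml files under an AddOns directory, bundled libs included."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".lua", ".xml")):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_source(fh.read())
                if found:
                    report[path] = found
    return report

# Constructed sample, not taken from any real addon.
SAMPLE = '''\
local name = UnitName("player")
SendAddonMessage("DEMO", name, "RAID")
-- SendAddonMessage("DEMO", "commented out", "RAID")
local f = _G[string.char(83, 101, 110, 100, 65, 100, 100, 111, 110, 77, 101, 115, 115, 97, 103, 101)]
local frame = _G[frameName]
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

A "dynamic-lookup" hit is common in legitimate addons; it only marks a line that a plain text search cannot judge and that has to be read by hand.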
@Kunda: ...And stop spreading false information too please...
@Adirelle: Please prove that I have NOT told the truth. Please read my posts!
I ONLY TRUST WHAT THE OFFICIAL WOW SERVER(S) GIVE ME!!!
The official Blizzard Servers (Patch 3.3.5.12340) allowed me to get the RealID name with an addon (if Parental Control is NOT activated and so RealID is enabled) and send it via SendAddonMessage to anybody. I tested this one day after Patch 3.3.5.12340 was released in Europe, and I got my RealID name with a simple addon -> any addon can do this and send it via SendAddonMessage to anybody!
This is what this thread is about: get RealID via addon and send it via addon!
Sorry, but this is simply the truth. (and if Blizzard disabled any BN...() API functions: GOOD!)
And NO I will not test this again in any upcoming update because of this:
READ THIS AND THINK!:
If you have ever enabled Parental Control within battle.net you know that they did a really really bad job: the 'https-url' you get in your email to change the setting for the account is SIMPLY UNSECURE !!! A https-url that is sent (unencrypted) to an email address IS UNSECURE!!! Anybody in between can SEE THIS URL and can USE it to CHANGE the settings for this account !!! THIS IS A VERY VERY BAD and UNSECURE PROCEDURE!!! (ok, in a worst case scenario you can simply re-enter the email address and get a new URL code - but hey, only a one-cell brainer can implement such an unsecure procedure).
ohh well, I think the majority does not understand or know what I talk about...
Post your code. I have tested every version of the "send a whisper to yourself" crap that people have been spreading and none of them work. They all seem to rely on getting your own ID from the friends list and then whispering yourself and watching the name that comes through. You can't friend yourself, so you can't get your own presenceID from the friend list, and you can't message users that aren't on your friends list, so it all fails silently. The only case I've seen is BNet chat, which requires you to have two online BNet friends, initiate a chat, and send a message that both of them will see.
Your little crusade against SendAddonMessage makes no sense. An addon could just as well /yell anything it wanted and hide the yell from you. SAM only works if the other player has something to catch and handle the message, and is directly targeted at a small number of players, not everyone in /yell range. There is nothing wrong with SAM that isn't an issue with any system where you can communicate with other users.
@Vimes: Go read my first post please and don't troll.
@Adirelle: This was exactly the answer I was looking for. I did no. 1) and 2) anyway but I was interested in no. 3) for more general purposes. So BNSendWhisper is the code to look for ... What about SendAddonMessage which according to Kunda could be used too for the broadcast? Or /yell as Tekkub said (really?) ... Is it mandatory to use BNSendWhisper to spread the collected information?
@Tekkub: It seems to be proven (and admitted by blue) that an addon can get your own RealID. Storing that information and spreading it to other users of that addon shouldn't be a problem? A lot of addons do that with a lot of other information.
<quote>you can't message users that aren't on your friends list</quote>
Did Blizz somehow internally protect that RealID information and restrict the transmission to your friends list? Somebody said that whatever you store in your SavedVariables is free game.
The only place I've seen your own name exposed to yourself is in BNet group chat, as I said above. That's actually what I wanted to *fix* with my addon, but I need to know the player's own name to do that. I have tried every "send a BN whisper to yourself" method I've seen, and NONE work. So, again, please post code, don't just say it works for you or someone... PROVE IT!
Oh and a side note, I've been told that even in BN group chat your own real name will be going away sometime in the future, so there isn't too much to worry about really, for the paranoids. It sounded like they were just going to replace it with your current toon's name. Friends would still see your real name, though.
Or try Spamalyzer and/or StopAddonMessage.
There are many good addons and authors you can trust, but if you do not know what SendAddonMessage is sending: simply do not use such addons!
If a mod was doing something truly dodgy they would probably obfuscate the reference i.e.
So your best option is probably StopAddonMessage
:) Touché. Good example.
Irrational Crusade is irrational.
Thank you.
I do not have to prove anything to people thinking that truth lies in ITALIC, BOLD, UPPERCASE TEXT.
Anyway, BNSendWhisper is not an issue anymore.